Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2009-2083

Cross-site scripting (XSS) vulnerability in the term data detail page in Taxonomy manager 5.x before 5.x-1.2, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via "Parent and related terms."

Published

2009-06-16T21:00:00.437

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 3.5 (LOW)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

6.8

Impact Score

2.9

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	drupal	drupal	*	No
Application	mattias_hutterer	taxonomy_manager	5.x-1.0	Yes
Application	mattias_hutterer	taxonomy_manager	5.x-1.1	Yes
Application	mattias_hutterer	taxonomy_manager	5.x-1.x-dev	Yes

References

http://drupal.org/node/487620 Patch, Vendor Advisory ([email protected])
http://drupal.org/node/487818 Patch, Vendor Advisory ([email protected])
http://lampsecurity.org/drupal-6-taxonomy-manager-xss-vulnerability Exploit, URL Repurposed ([email protected])
http://secunia.com/advisories/35391 Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/35286 ([email protected])
http://drupal.org/node/487620 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://drupal.org/node/487818 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lampsecurity.org/drupal-6-taxonomy-manager-xss-vulnerability Exploit, URL Repurposed (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/35391 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/35286 (af854a3a-2127-422b-91ae-364da2661108)